Senior Soc Analyst – Incident Commander

Our client is looking for a Senior SOC Analyst (Incident Commander) to join their IT Team. This role will be part of a globally enabled cyber operations with twin teams in the US and APAC regions.

You will be leading all regionally based security incidents in partnership with the regional governance teams as well as supporting the incident response plan for major security incidents impacting the global operation. Working with the regional and wider analysts team, you will proactively detect and contain cyber related threats, and provide an in-depth threat detection analysis in real time and handling all incidents.

Your Role

• Drive major incidents to resolution and provide direct incident response
• Provide direction to an off-site security operations team, ensuring appropriate hours of coverage for Gallagher global operations, inclusive of incident hand over
• Build management Information Reports and coordinate actions
• Ensure regular and clear updates are provided to the global security operational teams
• Investigate security events, both automated (e.g. system alerts) and manual (e.g. Service Desk tickets)
• Collaborate with system owners to identify remediation plans for security issues found and tracks to completion
• Assist in the coordination of regular security assessments including penetration tests and application vulnerability evaluation
• Work to strict change control governance
• Act as escalation point for IT team members in the resolution of complex problems
• Act as a single point of contact for phone calls, emails and self-service tickets from internal staff on IT security issues, queries and requests
• Proactive system security maintenance and help prepare for major incidents
• Publish support documentation to assist IT colleagues in following defined IT processes
• Support the IT Operations and Engineering teams in delivering all aspects of support inclusive of priority one operational outages

Your Skills, Knowledge & Qualifications

• Professional work experience in the cybersecurity industry, with exposure to senior management; Bachelor’s degree/ technical degree or equivalent holder
• CISSP, CISA or GIAC certification preferred; CEH certification would be beneficial
• Knowledge and experience working with an ISMS
• A proven knowledge of security principles and best practices
• Good network and edge protection, firewalls, proxies and cloud brokering
• Good knowledge of offensive and defensive Attack Methods, threat hunting, detection and monitoring technologies, MITRE attack framework and industry kill chains, attacker methods in complex, globally enabled programs
• Good application of network analysis technologies, and good Endpoint Detection & Response (EDR) skills
• Basic system, network and cloud forensic experience; Basic operating system security (Windows/ Linux)
• Ability to assess the situation, strategize, and make rapid informed decisions on appropriate courses of action
• Has flexibility and able to listen and act on expert feedback, modifying plans and actions dynamically
• Has been involved in major incident response scenarios as an active participant
• Knowledge of security and regulatory practices (e.g. ISO 27001, NIST, Cobit, GDPR)
• Strong written and verbal communications skills, able to present technical risks and issues to technical and non-technical audiences internal and external to the organisation
• Eligible to work in the UK.